#include <stdio.h>
#include <openssl/x509.h>
#include <openssl/objects.h>
#include <openssl/pem.h>

int main(int argc, char* argv[])
{
    X509 *cert;
    X509_EXTENSION *ext;
    int ext_index;

    // 从文件中加载证书
    FILE *cert_file = fopen("/home/ts/document/zhb/ca/user.pem", "r");
    cert = PEM_read_X509(cert_file, NULL, NULL, NULL);
    fclose(cert_file);

    // 查找扩展项的索引
    // ext_index = X509_get_ext_by_NID(cert, NID_basic_constraints, -1);
	
    ext_index = X509_get_ext_by_NID(cert, NID_netscape_comment, -1);

    // 检查是否找到扩展项
    if (ext_index != -1) {
        // 获取扩展项
		printf("ext_index=%d, at line %d.\n", ext_index, __LINE__);
        ext = X509_get_ext(cert, ext_index);
//		printf("ext_index=%d, at line %d.\n", ext->critical, __LINE__);

		int critical = X509_EXTENSION_get_critical(ext);
		if (critical) {
			printf("Extension with NID %d is critical\n", ext_index);
		} else {
			printf("Extension with NID %d is not critical,critical=%d\n", ext_index, critical);
		}

        // 删除扩展项
        /*X509_EXTENSION *ret = X509_delete_ext(cert, ext_index);
		if (NULL != ret) {
			printf("delete NID_basic_constraints success,at line %d.\n", __LINE__);
		}
		if(ext == ret)
		{
			printf("=======,at line %d.\n", __LINE__);
		}*/

		ASN1_OCTET_STRING *extData = X509_EXTENSION_get_data(ext);
		int len = extData->length;
		printf("len=%d.\n", len);
		for(int index=0; index < len; index++)
		{
	        if(index%16 == 0)
	        {
	            printf("\n");
	        }
	        printf("0x%02x, ", extData->data[index]);
		}
		printf("\n");
    }

	int nRet=X509_EXTENSION_set_critical(ext, 1);/* 设置为关键扩展 */
	int critical2 = X509_EXTENSION_get_critical(ext);
	if (critical2) {
		printf("Second:Extension with NID %d is critical\n", ext_index);
	} else {
		printf("Second:Extension with NID %d is not critical,critical=%d\n", ext_index, critical2);
	}

    // 释放证书内存
    X509_free(cert);

    return 0;
}

